我正在尝试使用共享 key 作为身份验证从 Azure 文件共享 REST API 获取共享统计信息,但似乎无法找出授权 header
$storageAccount = 'XXXX'
$key = 'XXXXXXXX'
$resource = 'FileShare'
$sharedKey = [System.Convert]::FromBase64String($Key)
$date = [System.DateTime]::UtcNow.ToString("R")
$stringToSign = "GET`n`n`n`n`n`n`n`n`n`n`n`nx-ms-date:$date`nx-ms-type:file`nx-ms-version:2017-04-17`n/$storageAccount/$resource`nrestype:share"
$hasher = New-Object System.Security.Cryptography.HMACSHA256
$hasher.Key = $sharedKey
$signedSignature = [System.Convert]::ToBase64String($hasher.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($stringToSign)))
$authHeader = "SharedKey ${StorageAccount}:$signedSignature"
$headers = @{"x-ms-date"=$date
"x-ms-version"="2009-09-19"
"Authorization"=$authHeader}
$URI = "https://$storageAccount.file.core.windows.net/FileShare?restype=share&comp=stats"
$sharestats = Invoke-RestMethod -method GET -Uri $URI -Headers $headers
Getting following error
Invoke-RestMethod : AuthenticationFailedServer failed to authenticate the
request. Make sure the value of Authorization header is formed correctly
including the signature.
RequestId:775d1220-801a-0183-1c21-813f18000000
Time:2020-09-02T12:06:23.5857168ZThe MAC signature found in the HTTP request
'ZIDwiCzzRcqJuIUbtGXUSC+jZ1tXgwnyZaIH12FXXXX=' is not the same as any computed
signature. Server used following string to sign: 'GET
x-ms-date:Wed, 02 Sep 2020 12:06:23 GMT
x-ms-version:2009-09-19
/storageaccount/fileshare
comp:stats
restype:share'.
At line:30 char:15
+ ... harestats = Invoke-RestMethod -method GET -Uri $URI -Headers $header ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:Htt
pWebRequest) [Invoke-RestMethod], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShe
ll.Commands.InvokeRestMethodCommand
引用:https://learn.microsoft.com/en-us/rest/api/storageservices/authorize-with-shared-key 和 https://learn.microsoft.com/en-us/rest/api/storageservices/get-share-stats
最佳答案
根据错误消息,您应该删除“x-ms-type:file”并在stringToSign 中添加comp:stats。
例如
$storageAccount = "andyprivate"
$accesskey = "h4pP1fe76m8hdksFW3TvkO6hgw09Mjue7yJOnULPI/g2eU8LGJ+a6k6SrU6dUkOU77waZfU8CacyVMlTWAUA5A==";
$resource = 'share2'
$version="2017-04-17"
$date = [System.DateTime]::UtcNow.ToString("R",[Globalization.CultureInfo]::InvariantCulture)
$stringToSign = "GET`n`n`n`n`n`n`n`n`n`n`n`n"+
"x-ms-date:$date`nx-ms-version:$version`n" +
"/$storageAccount/$resource`ncomp:stats`nrestype:share"
$hmacsha = New-Object System.Security.Cryptography.HMACSHA256
$hmacsha.key = [Convert]::FromBase64String($accesskey)
$signature = $hmacsha.ComputeHash([Text.Encoding]::UTF8.GetBytes($stringToSign))
$signature = [Convert]::ToBase64String($signature)
$headers=@{"x-ms-date"=$date;
"x-ms-version"= $version;
"Authorization"= "SharedKey $($storageAccount):$signature"
}
$URI = "https://$storageAccount.file.core.windows.net/$($resource)?restype=share&comp=stats"
$response = Invoke-RestMethod $URI -Method 'GET' -Headers $headers -UseBasicParsing
$response
关于azure - 如何使用 powershell 为具有共享 key 的 Azure 文件共享构建授权 header ,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/63705318/